FRIB Database Security

Post on 23-Feb-2016


This material is based upon work supported by the U.S. Department of Energy Office of Science under Cooperative Agreement DE-SC0000661. Michigan State University designs and establishes FRIB as a DOE Office of Science National User Facility in support of the mission of the Office of Nuclear Physics.

FRIB Database Security

V. Vuppala, Controls DB Meeting

Overview

• Security Requirements
• Access Control Specification
• Access Control Realization
• Security Architecture
• Design Concerns
• Summary

Security Requirements

General
• Authentication and Authorization
• Role-based access control
• Delegation

Structural
• Controlled access to components, their attributes and relationships
• Area Managers are responsible for structural data

Behavioral or Operational
• Controlled access to Operation of the Accelerator
• Not managed by area managers
• Operations Group responsible for Controls System (CS)
• Experimental Group responsible for CS in Experimental Areas
• Dynamic Access Control (Check-in/out Model)

Services
• Controlled access to application functionality

Information Architecture

Application layer
• Operator interfaces
• High-level applications
• Libraries

Service layer
• Access to data
• Programming Interface

Data layer
• Managed data
• Instrument data
• No direct access

Example

Diagram labels: Application; Services S1, S2, S3

1. What is the PV for XXX?
2. PV is PS01
3. Add Log Entry ‘YYY’ to L1
4. Done
5. caput PS01 10
6. Done

Access Specification

Persons, Groups, Roles

Core
• Grouping of Components Based on Areas
• Areas Associated with Roles
• Grouping of Components Based on Operations
• Operational Groups Associated with Roles
• Develop a Tool to Specify Authorization and Delegation

Services
• Each Application Has Its Own Authorization Data

Roles

class Data Model

Role
  «column»
    *PK ID : INTEGER
    Name : CHAR(64)
  «PK»
    + PK_Role(INTEGER)

Person
  «column»
    *PK ID : INTEGER
    Name : CHAR(64)
    * LoginID : CHAR(32)
  «PK»
    + PK_Person(INTEGER)
  «unique»
    + UQ_Person_LoginID(CHAR)

Group
  «column»
    ID : INTEGER
    Name : CHAR(64)
    Description : VARCHAR(255)

Associations (endpoints not recoverable from the extracted diagram): multiplicities 0..* and 0..1; one +parent / +child association marked {acyclic}.

Authorization: Core Structural

class Data Model

Configuration-Component
  «column»
    *PK ID : INTEGER
    * Qualifier : CHAR(1)
    Instance : CHAR(4)
    Operational : BOOL
  «PK»
    + PK_Configuration-Component(INTEGER)

AreaElement
  «column»
    *PK ID
    Name : CHAR(64)
  «PK»
    + PK_AreaElement()

Role
  «column»
    *PK ID : INTEGER
    Name : CHAR(64)
  «PK»
    + PK_Role(INTEGER)

AreaPrivs
  - Description : char
  - privilege : int

Associations (endpoints not recoverable from the extracted diagram): multiplicities 0..1 and 0..*; one +Parent 0..1 / +Child 0..* association marked {acyclic}.
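One way to evaluate the core structural authorization sketched on this slide, as an added example that is not part of the original presentation. It assumes that AreaPrivs links a Role to an AreaElement, that a privilege granted on an area also covers its child areas, and that privilege is a bit mask (READ = 1, WRITE = 2); the PersonRole table, the ParentID and AreaID columns, and the shortened table name Component are likewise assumptions, and all rows are constructed sample data.

```python
import sqlite3

READ, WRITE = 1, 2  # assumed bit meanings; the slide only gives "privilege : int"

SCHEMA = """
CREATE TABLE Role (ID INTEGER PRIMARY KEY, Name CHAR(64));
CREATE TABLE Person (ID INTEGER PRIMARY KEY, Name CHAR(64), LoginID CHAR(32) NOT NULL UNIQUE);
CREATE TABLE PersonRole (PersonID INTEGER, RoleID INTEGER);   -- assumed join table
CREATE TABLE AreaElement (ID INTEGER PRIMARY KEY, Name CHAR(64),
                          ParentID INTEGER);                  -- assumed parent link
CREATE TABLE AreaPrivs (RoleID INTEGER, AreaID INTEGER, privilege INTEGER);
CREATE TABLE Component (ID INTEGER PRIMARY KEY, Instance CHAR(4),
                        AreaID INTEGER);                      -- assumed area link
"""

# Constructed sample data: Linac and Target are children of Accelerator.
DATA = """
INSERT INTO Role VALUES (1,'LinacAreaManager'),(2,'Viewer');
INSERT INTO Person VALUES (1,'Alice','alice'),(2,'Bob','bob');
INSERT INTO PersonRole VALUES (1,1),(2,2);
INSERT INTO AreaElement VALUES (1,'Accelerator',NULL),(2,'Linac',1),(3,'Target',1);
INSERT INTO AreaPrivs VALUES (1,2,3),(2,1,1);
INSERT INTO Component VALUES (10,'PS01',2),(11,'TG01',3);
"""

# Walk from the component's area up to the root. UNION (not UNION ALL) drops
# repeated rows, so the walk terminates even if the {acyclic} rule were broken.
CHECK = """
WITH RECURSIVE anc(id) AS (
  SELECT AreaID FROM Component WHERE ID = :comp
  UNION
  SELECT a.ParentID FROM AreaElement a JOIN anc ON a.ID = anc.id
  WHERE a.ParentID IS NOT NULL)
SELECT COUNT(*) FROM anc
  JOIN AreaPrivs ap ON ap.AreaID = anc.id
  JOIN PersonRole pr ON pr.RoleID = ap.RoleID
  JOIN Person p ON p.ID = pr.PersonID
WHERE p.LoginID = :login AND (ap.privilege & :need) = :need
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA + DATA)
    return db

def allowed(db, login, component_id, need):
    """True if a role held by `login` grants `need` on the component's area or an ancestor."""
    row = db.execute(CHECK, {"comp": component_id, "login": login, "need": need})
    return row.fetchone()[0] > 0
```

An unknown LoginID or a component with no area produces no matching row, so the check denies by default.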

Authorization: Core Operational

class Data Model

Configuration-Component
  «column»
    *PK ID : INTEGER
    * Qualifier : CHAR(1)
    Instance : CHAR(4)
    Operational : BOOL
  «PK»
    + PK_Configuration-Component(INTEGER)

Role
  «column»
    *PK ID : INTEGER
    Name : CHAR(64)
  «PK»
    + PK_Role(INTEGER)

OpsElement
  «column»
    ID : INTEGER
    Name : CHAR(64)
    Description : VARCHAR(255)

OpsPrivs
  - Description : char
  - Privileges : int

Associations (endpoints not recoverable from the extracted diagram): multiplicities 0..* and 0..1.

Access Control: Realization

Diagram labels: S1, S2, S3; Auth; Credentials; Token

1. What is the PV for XXX? [Token]
2. PV is PS01
3. Add Log Entry ‘YYY’ to L1. [Token]
4. Done
5. caput PS01 10. [Token]
6. Done

Concerns

Channel Access Does Not Support Tokens
• Develop a Gateway?

Auth Service
• Use Kerberos or Develop New Service
• Single Point of Failure: Redundant Servers

Each Service Needs to Provide Security Configuration Tool
• No Good Generic Way to Provide Service-Level Authorization

What About Dynamic Access Control?
• Develop an Application for Reservation and Release (Check-in/out)

Architecture

Authentication/Authorization Service
Ticket Based System
Persons, Groups, Roles
Component Groupings for Core Security Specifications
Service-Level Access Control left to Services
Access Controls on IOCs
Tools
• To Specify Core Authorizations
• To Specify Service-Level Authorizations
• To Reserve and Release Components

Summary

Security Must Be Integrated Into Design
Not Very Trivial
No Precedent
Work In Progress
